Metasploit mailing list archives
Bug in auxiliary/admin/backupexec/dump
From: Robin Wood <robin () digininja org>
Date: Thu, 2 Jun 2011 11:35:30 +0100
There is a bug in the auxiliary/admin/backupexec/dump module. In this code if the length is less than 4 then get_once is called but as the length is less than 4 when 4 is subtracted you are requesting a negative length: def ndmp_recv(nsock = self.sock) # Attempt to read at least four bytes (the length value) if (self.recv_buff.length < 4) self.recv_buff << ( sock.get_once(self.recv_buff.length - 4, 5) || '' ) end This is the exception thrown in my situation as the initial length is 0 so a length of -4 is requested. msf auxiliary(dump) > exploit [*] Attempting to retrieve C:\boot.ini... [-] Auxiliary failed: ArgumentError negative length -4 given [-] Call stack: [-] /Users/robin/src/msf/lib/rex/io/stream.rb:71:in `read_nonblock' [-] /Users/robin/src/msf/lib/rex/io/stream.rb:71:in `read' [-] /Users/robin/src/msf/lib/rex/io/stream.rb:201:in `get_once' [-] /Users/robin/src/msf/lib/msf/core/exploit/ndmp.rb:91:in `ndmp_recv' [-] (eval):85:in `run' [*] Auxiliary module execution completed It either needs to request a correct length or this if needs removing and the next one that just returns if length is less than 4 left in. Robin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Bug in auxiliary/admin/backupexec/dump Robin Wood (Jun 02)